Trojan

Should I remove “Trojan:MSIL/FormBook.EWG!MTB”?

Malware Removal

The Trojan:MSIL/FormBook.EWG!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Trojan:MSIL/FormBook.EWG!MTB virus can do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to determine Trojan:MSIL/FormBook.EWG!MTB?


File Info:

name: 611E776057D8B06F4AD1.mlw
path: /opt/CAPEv2/storage/binaries/06da85f3164f9124c655f11901dc7e1e4e027a9e1b105ff9897bf8ad626da38c
crc32: B4DD5DFC
md5: 611e776057d8b06f4ad125888e998943
sha1: d9afc4204fbdcb09d2cf899f9756fe40fb3ae0f0
sha256: 06da85f3164f9124c655f11901dc7e1e4e027a9e1b105ff9897bf8ad626da38c
sha512: aeb98f809fd1429fca8bbb789943629a626430989caec2c29132ff83343b7761641aa04eb8b787e8f301ca4dfce32859a64ba77f8e10edd68712882bcefcc7ff
ssdeep: 12288:weHqLlnT6xnuF1GCVdcftWyKWrczpTtGMar9fGqUz22xcysBheGYUf:g2cBFWr19DV/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B4B401AAB7E64E12C51E4A76C1E3521003BEFA47AA73E35E37D402471D427F8CB45AC9
sha3_384: f32e2dac28f60d7c09403405b33af82c7dc9dad6814e569d348732e621c7138200db3ede0fe78e203b5234c484a1a165
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-06-28 11:23:46

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName: Express Merchant Service
FileDescription: Project Soffer
FileVersion: 1.0.11.0
InternalName: BaseChannelWithPropert.exe
LegalCopyright: Express Merchant Service 2022
LegalTrademarks:
OriginalFilename: BaseChannelWithPropert.exe
ProductName: Project Soffer
ProductVersion: 1.0.11.0
Assembly Version: 1.8.0.0

Trojan:MSIL/FormBook.EWG!MTB also known as:

BkavW32.AIDetectNet.01
FireEyeGeneric.mg.611e776057d8b06f
SangforSuspicious.Win32.Save.a
Cybereasonmalicious.04fbdc
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
APEXMalicious
Paloaltogeneric.ml
KasperskyUDS:Trojan.MSIL.Taskun.gen
AvastPWSX-gen [Trj]
McAfee-GW-EditionArtemis
SentinelOneStatic AI – Malicious PE
MicrosoftTrojan:MSIL/FormBook.EWG!MTB
CynetMalicious (score: 100)
Acronissuspicious
McAfeeArtemis!611E776057D8
IkarusTrojan.MSIL.ClipBanker
MaxSecureTrojan.Malware.300983.susgen
BitDefenderThetaGen:NN.ZemsilF.34742.Em0@a0sx2Cm
AVGPWSX-gen [Trj]

How to remove Trojan:MSIL/FormBook.EWG!MTB?

Trojan:MSIL/FormBook.EWG!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment